| 1 |
On 06/20/2013 05:27 AM, Zac Medico wrote: |
| 2 |
> On 06/19/2013 08:25 PM, Zac Medico wrote: |
| 3 |
>> On 06/19/2013 07:59 PM, "Paweł Hajdan, Jr." wrote: |
| 4 |
>>> I was surprised by repoman just dropping FEATURES="sign" . I'm aware |
| 5 |
>>> that at that time it has to commit an updated Manifest to prevent |
| 6 |
>>> breakages, so if gpg fails it proceeds, but is there something it could |
| 7 |
>>> do to check gpg sanity before committing anything? |
| 8 |
Failing at the password prompt (two chances on regular pinentry) also |
| 9 |
results in this behaviour. |
| 10 |
|
| 11 |
>> It seems the simplest way to go would be to do a test signature before |
| 12 |
>> commit, as suggested here: |
| 13 |
>> |
| 14 |
>> https://bugs.gentoo.org/show_bug.cgi?id=298605 |
| 15 |
>> |
| 16 |
>> Is it okay to assume that everyone uses gpg-agent, so they won't have to |
| 17 |
>> enter the passphrase more than once? |
| 18 |
I have a remote (ssh) test-box to work on the tree, I don't want to |
| 19 |
cache my decrypted key there. |
| 20 |
Having the crypted version there is bad enough, but GPG_AGENT protocol |
| 21 |
only exchanges passwords (unlike SSH_AGENT). GPG_AGENT forwarding over |
| 22 |
SSH can be done with a general unix domain socket forwading hack [1]. |
| 23 |
|
| 24 |
> Or, we could skip the test signature if the GPG_AGENT_INFO variable is |
| 25 |
> not set? |
| 26 |
It's a clue, but the key-cache can be expired and a bad password entry |
| 27 |
can still result in failure. |
| 28 |
|
| 29 |
[1] http://25thandclement.com/~william/projects/streamlocal.html |
| 30 |
|
| 31 |
|
| 32 |
-- |
| 33 |
Michael Weber |
| 34 |
Gentoo Developer |
| 35 |
web: https://xmw.de/ |
| 36 |
mailto: Michael Weber <xmw@g.o> |
Archives